Russian authorities take down REvil ransomware gang
Suspected members of the cyber criminal REvil ransomware gang have been detained and the group has been dismantled following raids by Russia’s Federal Security Service (FSB), Moscow has said.
Joint action by the FSB and the Ministry of Internal Affairs of Russia was taken at 25 properties across several regions of Russia, including Moscow, St. Petersburg and Lipetsk, linked to 14 members of the REvil ransomware group.
According to a statement from the FSB, several members of REvil have been detained and charged. Computer equipment has been seized along with cryptocurrency and crypto wallets, as well as over 426 million rubles, $600,000 and €500,000. It said 20 luxury cars bought with money obtained from ransomware attacks have also been seized.
The raids took place following requests from the United States, which has been a major victim of ransomware attacks by REvil.
Previous action has been taken against REvil, including suspected members being arrested in Romania and Ukraine, but the raids by the FSB are the first time Russian authorities have taken action against the group.
One of the most significant alleged REvil attacks targeted Kaseya, an IT solutions developer for MSPs and enterprise clients. REvil was also accused of being responsible for a major ransomware attack against food supplier JBS, which paid $11 million in Bitcoin to the attackers in exchange for the key required to decrypt the network.
Last year, the United States and other G7 countries warned Russia that it needed to take responsibility for ransomware and other cyber criminal groups operating within its borders. Ransomware has become one of the biggest cybersecurity issues facing the world today, with attacks against every sector resulting in disruption.
High-profile incidents have seen hospitals and healthcare services, energy suppliers and local governments hit with ransomware attacks, preventing people from being able to access vital services they need.